
Vulnerabilities in PHP-based Libraries

Major security problems in two popular PHP-based libraries have led to the complete removal of a particular programming function from those libraries. In June, problems were discovered in libraries that provide PHP-based support for XML and RPC, which are used by many applications today, including hugely popular blog software packages.

After the discovery and the release of subsequent patches, the Hardened PHP project decided to audit the suspect code further, and discovered other serious security problems in PHPXMLRPC and PEAR XML_RPC.

As a result of the discoveries, The PHP Group completely removed the eval() function from both the PHPXMLRPC and PEAR XML_RPC libraries. The Hardened PHP project also removed the function in its patches for PHP, which strengthen its security in a number of other areas. New versions of the libraries and hardening patches are now available.
